rodauth-oauth 0.10.0 → 0.10.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f9b68ff6e15b91128db72a07fa91b86afb70352f9582fa8c27e7abfe3c0dc17c
-  data.tar.gz: 1c35b67bc10619c8de31cbcef514636e7975307a0cfc02585ae10ec97de74be1
+  metadata.gz: 9a8ec41b29b514398bc764c53190df1b832387e1c392dd4c03988ffc16bdf0c5
+  data.tar.gz: 565c9ebb6871cd7a36b2ddf549cd368c509bce9303fb308cda4620d96a191647
 SHA512:
-  metadata.gz: 2cf0e357529093b45834697c54bae5eaf17419885e04ccba279d18e65464aa8d8fb2e49da09dd5c96c83331e0f60915e993af5dfc7decfff4c8752b5401dfe8a
-  data.tar.gz: 784d5184526ff8dcbc3c112eb58311705baf82e1bf17b40b87cd55dc43f0b06cc6bf7c2cb71f67caf315008b14d3fe4b9fe8eea991a0475586bf4effb0d77ed3
+  metadata.gz: 724c9d6bf98689b63f1919ea9e513907c784152b7a164797e152f6cf5c9bacf19364bf8ea0df8dd3b03f281f2190eaafb0927d70d040e1c636eea8e7a4846269
+  data.tar.gz: f89c6dea666c7bfe2b8722d84cbc04cf38c42dc9827df4ec05596d490dc73cbd0f1ac3e57adf358a564dc37ef774f913df383192ee63771a91a6cdc454d35c4e

data/doc/release_notes/0_10_1.md

@@ -0,0 +1,5 @@
+### 0.10.1 (20/06/2022)
+
+#### Bugfixes
+
+* refresh token grant logic wasn't scoping the token to be revoked/retokened, which was a bug introduced in a recent refactoring (commit 83e3f183f6c9941d37c8fe8cfd3fc258ab9c576a).

data/doc/release_notes/0_9_2.md

@@ -4,7 +4,7 @@
 
 * Fixed remaining namespacing fix issues requiring usage of `require "rodauth-oauth"`.
 * Fixed wrong expectation of database for resource-server mode when `:oauth_management_base` plugin was used.
-* oidc: fixed incorrect grant creation flow whenn using `nonce` param.
-* oidc: fixed jwt encoding regression when not setting encryption method/algorithmm for client applications.
+* oidc: fixed incorrect grant creation flow when using `nonce` param.
+* oidc: fixed jwt encoding regression when not setting encryption method/algorithm for client applications.
 * templates: added missing jwks field to the "New oauth application" form.
 * Several fixes on the example OIDC applications, mostly around CSRF breakage when using latest version of `omniauth`.

data/doc/release_notes/0_9_3.md

@@ -1,4 +1,4 @@
-### 0.9.2 (30/05/2022)
+### 0.9.3 (30/05/2022)
 
 #### Bugfixes
 

data/lib/rodauth/features/oauth_base.rb

@@ -589,7 +589,7 @@ module Rodauth
       redirect_response_error("invalid_grant") unless token_from_application?(oauth_token, oauth_application)
 
       rescue_from_uniqueness_error do
-        oauth_tokens_ds = db[oauth_tokens_table]
+        oauth_tokens_ds = db[oauth_tokens_table].where(oauth_tokens_id_column => oauth_token[oauth_tokens_id_column])
         access_token = _generate_access_token(update_params)
 
         if oauth_refresh_token_protection_policy == "rotation"

data/lib/rodauth/oauth/version.rb

@@ -2,6 +2,6 @@
 
 module Rodauth
   module OAuth
-    VERSION = "0.10.0"
+    VERSION = "0.10.1"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-oauth
 version: !ruby/object:Gem::Version
-  version: 0.10.0
+  version: 0.10.1
 platform: ruby
 authors:
 - Tiago Cardoso
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-06-10 00:00:00.000000000 Z
+date: 2022-06-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rodauth
@@ -40,6 +40,7 @@ extra_rdoc_files:
 - doc/release_notes/0_0_5.md
 - doc/release_notes/0_0_6.md
 - doc/release_notes/0_10_0.md
+- doc/release_notes/0_10_1.md
 - doc/release_notes/0_1_0.md
 - doc/release_notes/0_2_0.md
 - doc/release_notes/0_3_0.md
@@ -72,6 +73,7 @@ files:
 - doc/release_notes/0_0_5.md
 - doc/release_notes/0_0_6.md
 - doc/release_notes/0_10_0.md
+- doc/release_notes/0_10_1.md
 - doc/release_notes/0_1_0.md
 - doc/release_notes/0_2_0.md
 - doc/release_notes/0_3_0.md